# create an osbs server
- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_control"
- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_control_stg"
- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_nodes:osbs_masters"
- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_nodes_stg:osbs_masters_stg"
- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_aarch64_nodes_stg:osbs_aarch64_masters_stg:osbs_aarch64_nodes"
- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_aarch64_masters"

- name: make the box be real
  hosts: osbs_control:osbs_masters:osbs_nodes:osbs_control_stg:osbs_masters_stg:osbs_nodes_stg:osbs_aarch64_masters_stg:osbs_aarch64_nodes_stg:osbs_aarch64_masters:osbs_aarch64_nodes
  tags:
    - osbs-cluster-prereq
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  roles:
    - base
    - rkhunter
    - nagios_client
    - hosts
    - ipa/client
    - sudo
    - rsyncd

  tasks:
    - name: put openshift repo on os- systems
      template: src="{{ files }}/openshift/openshift.repo" dest="/etc/yum.repos.d/openshift.repo"
      tags:
      - config
      - packages
      - yumrepos
    - name: install redhat ca file
      package:
         name: subscription-manager-rhsm-certificates
         state: present
    - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: OSBS control hosts pre-req setup
  hosts: osbs_control:osbs_control_stg
  tags:
    - osbs-cluster-prereq
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
    - name: deploy private key to control hosts
      copy:
        src: "{{private}}/files/osbs/{{env}}/control_key"
        dest: "/root/.ssh/id_rsa"
        owner: root
        mode: 0600

    - name: set ansible to use pipelining
      ini_file:
        dest: /etc/ansible/ansible.cfg
        section: ssh_connection
        option: pipelining
        value: "True"

- name: Setup cluster masters pre-reqs
  hosts: osbs_masters_stg:osbs_masters:osbs_aarch64_masters_stg:osbs_aarch64_masters
  tags:
    - osbs-cluster-prereq
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
    - name: ensure origin conf dir exists
      file:
        path: "/etc/origin"
        state: "directory"

    - name: create cert dir for openshift public facing REST API SSL
      file:
        path: "/etc/origin/master/named_certificates"
        state: "directory"

    - name: install cert for openshift public facing REST API SSL
      copy:
        src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem"
        dest: "/etc/origin/master/named_certificates/{{osbs_url}}.pem"

    - name: install key for openshift public facing REST API SSL
      copy:
        src: "{{private}}/files/osbs/{{env}}/osbs-internal.key"
        dest: "/etc/origin/master/named_certificates/{{osbs_url}}.key"

    - name: place htpasswd file
      copy:
        src: "{{private}}/files/httpd/osbs-{{env}}.htpasswd"
        dest: /etc/origin/master/htpasswd


- name: Setup cluster hosts pre-reqs
  hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes:osbs_aarch64_masters_stg:osbs_aarch64_nodes_stg:osbs_aarch64_masters:osbs_aarch64_nodes
  tags:
    - osbs-cluster-prereq
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  handlers:
    - name: restart NetworkManager
      service:
        name: NetworkManager
        state: restarted

  tasks:
    - name: Install necessary packages that openshift-ansible needs
      package:
        state: installed
        name:
          - tar
          - rsync
          - python3-dbus
          - NetworkManager
          - python3-libselinux
          - python3-PyYAML

    - name: Deploy controller public ssh keys to osbs cluster hosts
      authorized_key:
        user: root
        key: "{{ lookup('file', '{{private}}/files/osbs/{{env}}/control_key.pub') }}"

    - name: Create file for eth0 config
      file:
        path: "/etc/sysconfig/network-scripts/ifcfg-eth0"
        state: touch
        mode: 0644
        owner: root
        group: root

    # This is required for OpenShift built-in SkyDNS inside the overlay network
    # of the cluster
    - name: ensure NM_CONTROLLED is set to "yes" for osbs cluster
      lineinfile:
        dest: "/etc/sysconfig/network-scripts/ifcfg-eth0"
        line: "NM_CONTROLLED=yes"
      notify:
        - restart NetworkManager

    # This is required for OpenShift built-in SkyDNS inside the overlay network
    # of the cluster
    - name: ensure NetworkManager is enabled and started
      service:
        name: NetworkManager
        state: started
        enabled: yes

    - name: cron entry to clean up docker storage
      copy:
        src: "{{files}}/osbs/cleanup-docker-storage"
        dest: "/etc/cron.d/cleanup-docker-storage"

    - name: copy docker-storage-setup config
      copy:
        src: "{{files}}/osbs/docker-storage-setup"
        dest:  "/etc/sysconfig/docker-storage-setup"

    - name: update ca certificates
      command: 'update-ca-trust'

- name: Deploy kerberose keytab to cluster hosts
  hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes:osbs_aarch64_masters_stg:osbs_aarch64_nodes_stg:osbs_aarch64_masters:osbs_aarch64_nodes
  tags:
    - osbs-cluster-prereq
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - role: keytab/service
    owner_user: root
    owner_group: root
    service: osbs
    host: "osbs.fedoraproject.org"
    when: env == "production"
  - role: keytab/service
    owner_user: root
    owner_group: root
    service: osbs
    host: "osbs.stg.fedoraproject.org"
    when: env == "staging"

- name: Deploy OpenShift Cluster x86_64
  hosts: osbs_control:osbs_control_stg
  tags:
    - osbs-deploy-openshift
    - osbs-x86-deploy-openshift
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
    - role: ansible-ansible-openshift-ansible
      cluster_inventory_filename: "{{ inventory_filename }}"
      openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
      openshift_release: "v3.11"
      openshift_version: "v3.11"
      openshift_pkg_version: "-3.11*"
      openshift_ansible_path: "/root/openshift-ansible"
      openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
      openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
      openshift_ansible_version: "openshift-ansible-3.11.51-1"
      openshift_ansible_ssh_user: root
      openshift_ansible_install_examples: false
      openshift_ansible_containerized_deploy: false
      openshift_cluster_masters_group: "{{ cluster_masters_group }}"
      openshift_cluster_nodes_group: "{{ cluster_nodes_group }}"
      openshift_cluster_infra_group: "{{ cluster_infra_group }}"
      openshift_auth_profile: "osbs"
      openshift_cluster_url: "{{osbs_url}}"
      openshift_master_ha: false
      openshift_debug_level: 2
      openshift_shared_infra: true
      openshift_deployment_type: "openshift-enterprise"
      openshift_ansible_use_crio: false
      openshift_ansible_crio_only: false
      tags: ['openshift-cluster-x86','ansible-ansible-openshift-ansible']

- name: Deploy OpenShift Cluster aarch64
  hosts: osbs_control:osbs_control_stg
  tags:
    - osbs-deploy-openshift
    - osbs-aarch-deploy-openshift
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
    - role: ansible-ansible-openshift-ansible
      cluster_inventory_filename: "{{ inventory_filename }}"
      openshift_htpasswd_file: "/etc/origin/htpasswd"
      openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
      openshift_release: "v3.11"
      openshift_version: "v3.11"
      openshift_pkg_version: "-3.11.2"
      openshift_ansible_path: "/root/openshift-ansible"
      openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
      openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
      openshift_ansible_version: "openshift-ansible-3.11.51-1"
      openshift_ansible_ssh_user: root
      openshift_ansible_install_examples: false
      openshift_ansible_containerized_deploy: false
      openshift_cluster_masters_group: "{{ aarch_masters_group }}"
      openshift_cluster_nodes_group: "{{ aarch_nodes_group }}"
      openshift_cluster_infra_group: "{{ aarch_infra_group }}"
      openshift_auth_profile: "osbs"
      openshift_cluster_url: "{{osbs_url}}"
      openshift_master_ha: false
      openshift_debug_level: 2
      openshift_shared_infra: true
      openshift_deployment_type: "origin"
      openshift_ansible_python_interpreter: "/usr/bin/python3"
      openshift_ansible_use_crio: false
      openshift_ansible_crio_only: false
      openshift_arch: "aarch64"
      tags: ['openshift-cluster-aarch','ansible-ansible-openshift-ansible']

- name: Setup OSBS requirements for OpenShift cluster hosts
  hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes
  tags:
    - osbs-cluster-req
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
    - name: Ensures /etc/dnsmasq.d/ dir exists
      file: path="/etc/dnsmasq.d/" state=directory
    - name: install fedora dnsmasq specific top-config
      copy:
        src: "{{files}}/osbs/fedora-dnsmasq-master.conf.{{env}}"
        dest: "/etc/dnsmasq.conf"
      when:
        is_fedora is defined or (ansible_distribution_major_version|int > 8 and ansible_distribution == 'RedHat')
    - name: install fedora dnsmasq specific sub-config
      copy:
        src: "{{files}}/osbs/fedora-dnsmasq.conf.{{env}}"
        dest: "/etc/dnsmasq.d/fedora-dns.conf"
